Of Spam & Men


Tag - antispam


Saturday 26 January 2008

Google as an RBL

From SecuriTeam:

For those not familiar with RBL, the term means Real-time Blackhole List; it is mainly used for SPAM fighting. I have recently started playing around with Google as an RBL engine; the idea is that if the search term I use hits too many hits it is likely to be SPAM.

This is actually interesting. I've been googling URLs found in spam for a little while now, but those kinds of searches never return tons of pages. They do return a few, though, and most of the time those are security-related sites. This "Google RBL" could be pretty useful coupled with a list of trusted security sites: if the search returns a few URLs from those sites, then the mail is likely to be spam or malware related. What about a mail with "http://securityfocus.com" in the body? Uh-huh... definitely not bulletproof! So better stick to the IP of the sender and just count the number of hits returned by Google.

from securiteam

Saturday 15 September 2007

Greylist effect

We decided to activate the greylisting antispam solution for all our mailboxes at work. Here is how it shows on our graphs:

[Image: greylisting.png]

Tuesday 7 August 2007

Spam King gets 30 years in jail

Christopher Smith, the notorious "pharmacy spam king," has received a 30-year jail sentence for running an illegal internet store that sold millions of dollars in prescription drugs.

via Secure Computing Magazine

Saturday 3 March 2007

greylist experimentation results

Here at work, we are averaging 66% of spam, which means that most of our users get twice as much spam as regular mail. I know some users who even gave up on email because they were getting 90% of spam. We use SpamAssassin and CRM114, so we tag every detected mail (we aren't allowed to delete mails, even if SpamAssassin scores it at 1000, for security reasons). Still, users like to complain that they get too much spam.

Anyway, we decided it was time to test greylisting to try to reduce the amount of pollution in users' mailboxes.

Continue reading...

Friday 12 January 2007

Disposable Email Services

A good way to prevent your main email address from being spammed is to avoid using it when creating web accounts or subscribing to websites. Managing several email accounts isn't trivial, and dropping a free account as soon as it starts being spammed, only to open another one the next minute, isn't really useful either.

What you really need is a temporary email address you can use to prove you're not a robot. One you can throw away as soon as you have used it. That's what disposable email services are for.

Continue reading...

Wednesday 27 December 2006

ORDB.org is shutting down

ordb.org was one of the rare open-relay RBLs (Realtime Blackhole Lists) that would actually perform a check on the servers before blacklisting them. You could always remove your servers after correcting the problem, since ORDB would also perform a check before removing a server from its RBLs. It was my favorite RBL and it's shutting down:

Continue reading...

Thursday 7 December 2006

New York Times on new spam methods

Brad Stone from The New York Times writes about the new surge of spam:

You’re not the only one. Spam is back — in e-mail in-boxes and on everyone’s minds. In the last six months, the problem has gotten measurably worse. Worldwide spam volumes have doubled from last year, according to Ironport, a spam filtering firm, and unsolicited junk mail now accounts for more than 9 of every 10 e-mail messages sent over the Internet.

Much of that flood is made up of a nettlesome new breed of junk e-mail called image spam, in which the words of the advertisement are part of a picture, often fooling traditional spam detectors that look for telltale phrases. Image spam increased fourfold from last year and now represents 25 to 45 percent of all junk e-mail, depending on the day, Ironport says.

Continue reading...

Saturday 2 December 2006

Spamhaus TOP 10 lists

Spamhaus is a well-known organisation tracking spam and spammers. It offers services like the Spamhaus Block List and the Exploits Block List, which are both realtime block lists to be used with your mail servers. Spamhaus also tracks spammers and publishes data about them:

For example, the worst spammer today is a Ukrainian citizen named Alex Polyakov, also known as Alex Blood, Alexander Mosh, etc. (Alex Polyakov is the big Soviet spy character in John le Carré's spy novel "Tinker, Tailor, Soldier, Spy.").

Continue reading...

Sunday 26 November 2006

Catching fake replies with SpamAssassin

The most common (and useless?) trick used by spammers to fool users is the fake reply method. By adding "Re: <something>" to the subject, spammers assume that the victim will believe it's a reply to one of their own emails. Unfortunately for them, the SMTP RFC (RFC 822) offers optional and commonly used headers for defining a reply, and SpamAssassin can be used to detect when those headers are missing.

Continue reading...
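
The check described in this entry, sketched in Python as an added example (it is not the blog author's SpamAssassin rule, which this page does not show). The function name, the reply-prefix pattern and the sample messages are constructed for illustration; the headers checked are In-Reply-To and References.

```python
import re
from email import message_from_string, policy

# Reply prefixes as mail clients commonly write them: "Re:", "RE:", "Re[2]:".
REPLY_PREFIX = re.compile(r"^\s*re(\[\d+\])?\s*:", re.IGNORECASE)
# A threading header only counts if it carries at least one <local@domain> id.
MSG_ID = re.compile(r"<[^<>@\s]+@[^<>@\s]+>")


def is_fake_reply(raw_message: str) -> bool:
    """True when the Subject claims a reply but no threading header backs it."""
    msg = message_from_string(raw_message, policy=policy.default)
    # policy.default decodes RFC 2047 encoded words, so an encoded "Re:" is seen.
    subject = str(msg.get("Subject", ""))
    if not REPLY_PREFIX.match(subject):
        return False
    threading = " ".join(
        str(msg.get(name, "")) for name in ("In-Reply-To", "References")
    )
    # An empty or junk header is treated the same as a missing one.
    return MSG_ID.search(threading) is None


# Constructed sample messages (not taken from real mail).
GENUINE_REPLY = (
    "From: alice@example.org\n"
    "Subject: Re: meeting notes\n"
    "In-Reply-To: <1234@example.org>\n"
    "References: <1234@example.org>\n"
    "\nSee you at ten.\n"
)
FAKE_REPLY = "From: x@example.net\nSubject: RE: your order\n\nBuy now\n"
FAKE_REPLY_ENCODED = (
    "From: x@example.net\n"
    "Subject: =?utf-8?B?UmU6IHlvdXIgb3JkZXI=?=\n"  # decodes to "Re: your order"
    "In-Reply-To:\n"
    "\nBuy now\n"
)
NOT_A_REPLY = "From: bob@example.org\nSubject: Report: Q3 numbers\n\nAttached.\n"

if __name__ == "__main__":
    for name in ("GENUINE_REPLY", "FAKE_REPLY", "FAKE_REPLY_ENCODED", "NOT_A_REPLY"):
        print(name, is_fake_reply(globals()[name]))
```

Some legitimate clients and web forms send "Re:" subjects without threading headers, so a result like this is better used as one score contribution than as a verdict on its own.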

Thursday 16 November 2006

When spammers get serious

Spammers spam and I make a living stopping spam (well, that's not the only thing I do) and I do it well. At work we use a combination of SpamAssassin and CRM114. That's a combination of two different antispam mechanisms:

This system isn't perfect but gives pretty good results: 99.6% of the spam that was sent to my addresses was detected. But that was before they started using poisoning methods and captcha images...

Continue reading...